Static Scan Results
scanned 12d ago · by rust-scannerStatic analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
ChildProcessDynamicRequireFilesystem
Source & flagged code
7 flagged · loading sourcepackage.jsonView file
•scripts.preinstall = node utils/setup.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgtest/unit/adapterTestUnit.jsView file
34patternName = generic_password
severity = medium
line = 34
matchedText = const pa...rd';
Medium
Secret Pattern
Package contains a possible secret pattern.
test/unit/adapterTestUnit.jsView on unpkg · L34adapter.jsView file
11/* Required libraries. */
L12: const fs = require('fs-extra');
L13: const path = require('path');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
adapter.jsView on unpkg · L11utils/pre-commit.shView file
•path = utils/pre-commit.sh
kind = build_helper
sizeBytes = 688
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
utils/pre-commit.shView on unpkgutils/testRunner.jsView file
19patternName = generic_password
severity = medium
line = 19
matchedText = let pass...rd';
Medium
29patternName = generic_password
severity = medium
line = 29
matchedText = const dp...rd';
Medium
89patternName = generic_password
severity = medium
line = 89
matchedText = intTest ...;`);
Medium
Findings
1 High7 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumSecret Patterntest/unit/adapterTestUnit.js
MediumDynamic Requireadapter.js
MediumShips Build Helperutils/pre-commit.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternutils/testRunner.js
MediumSecret Patternutils/testRunner.js
MediumSecret Patternutils/testRunner.js
LowScripts Present
LowFilesystem